bump(github.com/opencontainers/runc): 595bea022f077a9e17d7473b34fbaf1adaed9e43
This commit is contained in:
		
							
								
								
									
										64
									
								
								Godeps/Godeps.json
									
									
									
										generated
									
									
									
								
							
							
						
						
									
										64
									
								
								Godeps/Godeps.json
									
									
									
										generated
									
									
									
								
							| @@ -2355,83 +2355,83 @@ | ||||
| 		}, | ||||
| 		{ | ||||
| 			"ImportPath": "github.com/opencontainers/runc/libcontainer", | ||||
| 			"Comment": "v1.0.0-rc4-197-gd5b4a3e", | ||||
| 			"Rev": "d5b4a3eddbe4c890843da971b64f45a0f023f4db" | ||||
| 			"Comment": "v1.0.0-rc4-221-g595bea02", | ||||
| 			"Rev": "595bea022f077a9e17d7473b34fbaf1adaed9e43" | ||||
| 		}, | ||||
| 		{ | ||||
| 			"ImportPath": "github.com/opencontainers/runc/libcontainer/apparmor", | ||||
| 			"Comment": "v1.0.0-rc4-197-gd5b4a3e", | ||||
| 			"Rev": "d5b4a3eddbe4c890843da971b64f45a0f023f4db" | ||||
| 			"Comment": "v1.0.0-rc4-221-g595bea02", | ||||
| 			"Rev": "595bea022f077a9e17d7473b34fbaf1adaed9e43" | ||||
| 		}, | ||||
| 		{ | ||||
| 			"ImportPath": "github.com/opencontainers/runc/libcontainer/cgroups", | ||||
| 			"Comment": "v1.0.0-rc4-197-gd5b4a3e", | ||||
| 			"Rev": "d5b4a3eddbe4c890843da971b64f45a0f023f4db" | ||||
| 			"Comment": "v1.0.0-rc4-221-g595bea02", | ||||
| 			"Rev": "595bea022f077a9e17d7473b34fbaf1adaed9e43" | ||||
| 		}, | ||||
| 		{ | ||||
| 			"ImportPath": "github.com/opencontainers/runc/libcontainer/cgroups/fs", | ||||
| 			"Comment": "v1.0.0-rc4-197-gd5b4a3e", | ||||
| 			"Rev": "d5b4a3eddbe4c890843da971b64f45a0f023f4db" | ||||
| 			"Comment": "v1.0.0-rc4-221-g595bea02", | ||||
| 			"Rev": "595bea022f077a9e17d7473b34fbaf1adaed9e43" | ||||
| 		}, | ||||
| 		{ | ||||
| 			"ImportPath": "github.com/opencontainers/runc/libcontainer/cgroups/systemd", | ||||
| 			"Comment": "v1.0.0-rc4-197-gd5b4a3e", | ||||
| 			"Rev": "d5b4a3eddbe4c890843da971b64f45a0f023f4db" | ||||
| 			"Comment": "v1.0.0-rc4-221-g595bea02", | ||||
| 			"Rev": "595bea022f077a9e17d7473b34fbaf1adaed9e43" | ||||
| 		}, | ||||
| 		{ | ||||
| 			"ImportPath": "github.com/opencontainers/runc/libcontainer/configs", | ||||
| 			"Comment": "v1.0.0-rc4-197-gd5b4a3e", | ||||
| 			"Rev": "d5b4a3eddbe4c890843da971b64f45a0f023f4db" | ||||
| 			"Comment": "v1.0.0-rc4-221-g595bea02", | ||||
| 			"Rev": "595bea022f077a9e17d7473b34fbaf1adaed9e43" | ||||
| 		}, | ||||
| 		{ | ||||
| 			"ImportPath": "github.com/opencontainers/runc/libcontainer/configs/validate", | ||||
| 			"Comment": "v1.0.0-rc4-197-gd5b4a3e", | ||||
| 			"Rev": "d5b4a3eddbe4c890843da971b64f45a0f023f4db" | ||||
| 			"Comment": "v1.0.0-rc4-221-g595bea02", | ||||
| 			"Rev": "595bea022f077a9e17d7473b34fbaf1adaed9e43" | ||||
| 		}, | ||||
| 		{ | ||||
| 			"ImportPath": "github.com/opencontainers/runc/libcontainer/criurpc", | ||||
| 			"Comment": "v1.0.0-rc4-197-gd5b4a3e", | ||||
| 			"Rev": "d5b4a3eddbe4c890843da971b64f45a0f023f4db" | ||||
| 			"Comment": "v1.0.0-rc4-221-g595bea02", | ||||
| 			"Rev": "595bea022f077a9e17d7473b34fbaf1adaed9e43" | ||||
| 		}, | ||||
| 		{ | ||||
| 			"ImportPath": "github.com/opencontainers/runc/libcontainer/intelrdt", | ||||
| 			"Comment": "v1.0.0-rc4-197-gd5b4a3e", | ||||
| 			"Rev": "d5b4a3eddbe4c890843da971b64f45a0f023f4db" | ||||
| 			"Comment": "v1.0.0-rc4-221-g595bea02", | ||||
| 			"Rev": "595bea022f077a9e17d7473b34fbaf1adaed9e43" | ||||
| 		}, | ||||
| 		{ | ||||
| 			"ImportPath": "github.com/opencontainers/runc/libcontainer/keys", | ||||
| 			"Comment": "v1.0.0-rc4-197-gd5b4a3e", | ||||
| 			"Rev": "d5b4a3eddbe4c890843da971b64f45a0f023f4db" | ||||
| 			"Comment": "v1.0.0-rc4-221-g595bea02", | ||||
| 			"Rev": "595bea022f077a9e17d7473b34fbaf1adaed9e43" | ||||
| 		}, | ||||
| 		{ | ||||
| 			"ImportPath": "github.com/opencontainers/runc/libcontainer/mount", | ||||
| 			"Comment": "v1.0.0-rc4-197-gd5b4a3e", | ||||
| 			"Rev": "d5b4a3eddbe4c890843da971b64f45a0f023f4db" | ||||
| 			"Comment": "v1.0.0-rc4-221-g595bea02", | ||||
| 			"Rev": "595bea022f077a9e17d7473b34fbaf1adaed9e43" | ||||
| 		}, | ||||
| 		{ | ||||
| 			"ImportPath": "github.com/opencontainers/runc/libcontainer/seccomp", | ||||
| 			"Comment": "v1.0.0-rc4-197-gd5b4a3e", | ||||
| 			"Rev": "d5b4a3eddbe4c890843da971b64f45a0f023f4db" | ||||
| 			"Comment": "v1.0.0-rc4-221-g595bea02", | ||||
| 			"Rev": "595bea022f077a9e17d7473b34fbaf1adaed9e43" | ||||
| 		}, | ||||
| 		{ | ||||
| 			"ImportPath": "github.com/opencontainers/runc/libcontainer/stacktrace", | ||||
| 			"Comment": "v1.0.0-rc4-197-gd5b4a3e", | ||||
| 			"Rev": "d5b4a3eddbe4c890843da971b64f45a0f023f4db" | ||||
| 			"Comment": "v1.0.0-rc4-221-g595bea02", | ||||
| 			"Rev": "595bea022f077a9e17d7473b34fbaf1adaed9e43" | ||||
| 		}, | ||||
| 		{ | ||||
| 			"ImportPath": "github.com/opencontainers/runc/libcontainer/system", | ||||
| 			"Comment": "v1.0.0-rc4-197-gd5b4a3e", | ||||
| 			"Rev": "d5b4a3eddbe4c890843da971b64f45a0f023f4db" | ||||
| 			"Comment": "v1.0.0-rc4-221-g595bea02", | ||||
| 			"Rev": "595bea022f077a9e17d7473b34fbaf1adaed9e43" | ||||
| 		}, | ||||
| 		{ | ||||
| 			"ImportPath": "github.com/opencontainers/runc/libcontainer/user", | ||||
| 			"Comment": "v1.0.0-rc4-197-gd5b4a3e", | ||||
| 			"Rev": "d5b4a3eddbe4c890843da971b64f45a0f023f4db" | ||||
| 			"Comment": "v1.0.0-rc4-221-g595bea02", | ||||
| 			"Rev": "595bea022f077a9e17d7473b34fbaf1adaed9e43" | ||||
| 		}, | ||||
| 		{ | ||||
| 			"ImportPath": "github.com/opencontainers/runc/libcontainer/utils", | ||||
| 			"Comment": "v1.0.0-rc4-197-gd5b4a3e", | ||||
| 			"Rev": "d5b4a3eddbe4c890843da971b64f45a0f023f4db" | ||||
| 			"Comment": "v1.0.0-rc4-221-g595bea02", | ||||
| 			"Rev": "595bea022f077a9e17d7473b34fbaf1adaed9e43" | ||||
| 		}, | ||||
| 		{ | ||||
| 			"ImportPath": "github.com/opencontainers/runtime-spec/specs-go", | ||||
|   | ||||
							
								
								
									
										3
									
								
								vendor/github.com/opencontainers/runc/libcontainer/capabilities_linux.go
									
									
									
										generated
									
									
										vendored
									
									
								
							
							
						
						
									
										3
									
								
								vendor/github.com/opencontainers/runc/libcontainer/capabilities_linux.go
									
									
									
										generated
									
									
										vendored
									
									
								
							| @@ -4,7 +4,6 @@ package libcontainer | ||||
|  | ||||
| import ( | ||||
| 	"fmt" | ||||
| 	"os" | ||||
| 	"strings" | ||||
|  | ||||
| 	"github.com/opencontainers/runc/libcontainer/configs" | ||||
| @@ -72,7 +71,7 @@ func newContainerCapList(capConfig *configs.Capabilities) (*containerCapabilitie | ||||
| 		} | ||||
| 		ambient = append(ambient, v) | ||||
| 	} | ||||
| 	pid, err := capability.NewPid(os.Getpid()) | ||||
| 	pid, err := capability.NewPid(0) | ||||
| 	if err != nil { | ||||
| 		return nil, err | ||||
| 	} | ||||
|   | ||||
							
								
								
									
										5
									
								
								vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/apply_systemd.go
									
									
									
										generated
									
									
										vendored
									
									
								
							
							
						
						
									
										5
									
								
								vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/apply_systemd.go
									
									
									
										generated
									
									
										vendored
									
									
								
							| @@ -395,7 +395,7 @@ func joinCgroups(c *configs.Cgroup, pid int) error { | ||||
|  | ||||
| // systemd represents slice hierarchy using `-`, so we need to follow suit when | ||||
| // generating the path of slice. Essentially, test-a-b.slice becomes | ||||
| // test.slice/test-a.slice/test-a-b.slice. | ||||
| // /test.slice/test-a.slice/test-a-b.slice. | ||||
| func ExpandSlice(slice string) (string, error) { | ||||
| 	suffix := ".slice" | ||||
| 	// Name has to end with ".slice", but can't be just ".slice". | ||||
| @@ -421,10 +421,9 @@ func ExpandSlice(slice string) (string, error) { | ||||
| 		} | ||||
|  | ||||
| 		// Append the component to the path and to the prefix. | ||||
| 		path += prefix + component + suffix + "/" | ||||
| 		path += "/" + prefix + component + suffix | ||||
| 		prefix += component + "-" | ||||
| 	} | ||||
|  | ||||
| 	return path, nil | ||||
| } | ||||
|  | ||||
|   | ||||
							
								
								
									
										92
									
								
								vendor/github.com/opencontainers/runc/libcontainer/container_linux.go
									
									
									
										generated
									
									
										vendored
									
									
								
							
							
						
						
									
										92
									
								
								vendor/github.com/opencontainers/runc/libcontainer/container_linux.go
									
									
									
										generated
									
									
										vendored
									
									
								
							| @@ -5,6 +5,7 @@ package libcontainer | ||||
| import ( | ||||
| 	"bytes" | ||||
| 	"encoding/json" | ||||
| 	"errors" | ||||
| 	"fmt" | ||||
| 	"io" | ||||
| 	"io/ioutil" | ||||
| @@ -267,20 +268,71 @@ func (c *linuxContainer) Exec() error { | ||||
|  | ||||
| func (c *linuxContainer) exec() error { | ||||
| 	path := filepath.Join(c.root, execFifoFilename) | ||||
| 	f, err := os.OpenFile(path, os.O_RDONLY, 0) | ||||
| 	if err != nil { | ||||
| 		return newSystemErrorWithCause(err, "open exec fifo for reading") | ||||
|  | ||||
| 	fifoOpen := make(chan struct{}) | ||||
| 	select { | ||||
| 	case <-awaitProcessExit(c.initProcess.pid(), fifoOpen): | ||||
| 		return errors.New("container process is already dead") | ||||
| 	case result := <-awaitFifoOpen(path): | ||||
| 		close(fifoOpen) | ||||
| 		if result.err != nil { | ||||
| 			return result.err | ||||
| 		} | ||||
| 		f := result.file | ||||
| 		defer f.Close() | ||||
| 		if err := readFromExecFifo(f); err != nil { | ||||
| 			return err | ||||
| 		} | ||||
| 		return os.Remove(path) | ||||
| 	} | ||||
| 	defer f.Close() | ||||
| 	data, err := ioutil.ReadAll(f) | ||||
| } | ||||
|  | ||||
| func readFromExecFifo(execFifo io.Reader) error { | ||||
| 	data, err := ioutil.ReadAll(execFifo) | ||||
| 	if err != nil { | ||||
| 		return err | ||||
| 	} | ||||
| 	if len(data) > 0 { | ||||
| 		os.Remove(path) | ||||
| 		return nil | ||||
| 	if len(data) <= 0 { | ||||
| 		return fmt.Errorf("cannot start an already running container") | ||||
| 	} | ||||
| 	return fmt.Errorf("cannot start an already running container") | ||||
| 	return nil | ||||
| } | ||||
|  | ||||
| func awaitProcessExit(pid int, exit <-chan struct{}) <-chan struct{} { | ||||
| 	isDead := make(chan struct{}) | ||||
| 	go func() { | ||||
| 		for { | ||||
| 			select { | ||||
| 			case <-exit: | ||||
| 				return | ||||
| 			case <-time.After(time.Millisecond * 100): | ||||
| 				stat, err := system.Stat(pid) | ||||
| 				if err != nil || stat.State == system.Zombie { | ||||
| 					close(isDead) | ||||
| 					return | ||||
| 				} | ||||
| 			} | ||||
| 		} | ||||
| 	}() | ||||
| 	return isDead | ||||
| } | ||||
|  | ||||
| func awaitFifoOpen(path string) <-chan openResult { | ||||
| 	fifoOpened := make(chan openResult) | ||||
| 	go func() { | ||||
| 		f, err := os.OpenFile(path, os.O_RDONLY, 0) | ||||
| 		if err != nil { | ||||
| 			fifoOpened <- openResult{err: newSystemErrorWithCause(err, "open exec fifo for reading")} | ||||
| 			return | ||||
| 		} | ||||
| 		fifoOpened <- openResult{file: f} | ||||
| 	}() | ||||
| 	return fifoOpened | ||||
| } | ||||
|  | ||||
| type openResult struct { | ||||
| 	file *os.File | ||||
| 	err  error | ||||
| } | ||||
|  | ||||
| func (c *linuxContainer) start(process *Process, isInit bool) error { | ||||
| @@ -308,11 +360,13 @@ func (c *linuxContainer) start(process *Process, isInit bool) error { | ||||
| 		c.initProcessStartTime = state.InitProcessStartTime | ||||
|  | ||||
| 		if c.config.Hooks != nil { | ||||
| 			bundle, annotations := utils.Annotations(c.config.Labels) | ||||
| 			s := configs.HookState{ | ||||
| 				Version: c.config.Version, | ||||
| 				ID:      c.id, | ||||
| 				Pid:     parent.pid(), | ||||
| 				Bundle:  utils.SearchLabels(c.config.Labels, "bundle"), | ||||
| 				Version:     c.config.Version, | ||||
| 				ID:          c.id, | ||||
| 				Pid:         parent.pid(), | ||||
| 				Bundle:      bundle, | ||||
| 				Annotations: annotations, | ||||
| 			} | ||||
| 			for i, hook := range c.config.Hooks.Poststart { | ||||
| 				if err := hook.Run(s); err != nil { | ||||
| @@ -1436,11 +1490,13 @@ func (c *linuxContainer) criuNotifications(resp *criurpc.CriuResp, process *Proc | ||||
| 		} | ||||
| 	case notify.GetScript() == "setup-namespaces": | ||||
| 		if c.config.Hooks != nil { | ||||
| 			bundle, annotations := utils.Annotations(c.config.Labels) | ||||
| 			s := configs.HookState{ | ||||
| 				Version: c.config.Version, | ||||
| 				ID:      c.id, | ||||
| 				Pid:     int(notify.GetPid()), | ||||
| 				Bundle:  utils.SearchLabels(c.config.Labels, "bundle"), | ||||
| 				Version:     c.config.Version, | ||||
| 				ID:          c.id, | ||||
| 				Pid:         int(notify.GetPid()), | ||||
| 				Bundle:      bundle, | ||||
| 				Annotations: annotations, | ||||
| 			} | ||||
| 			for i, hook := range c.config.Hooks.Prestart { | ||||
| 				if err := hook.Run(s); err != nil { | ||||
| @@ -1748,7 +1804,7 @@ func (c *linuxContainer) bootstrapData(cloneFlags uintptr, nsMaps map[configs.Na | ||||
| 			// The following only applies if we are root. | ||||
| 			if !c.config.Rootless { | ||||
| 				// check if we have CAP_SETGID to setgroup properly | ||||
| 				pid, err := capability.NewPid(os.Getpid()) | ||||
| 				pid, err := capability.NewPid(0) | ||||
| 				if err != nil { | ||||
| 					return nil, err | ||||
| 				} | ||||
|   | ||||
							
								
								
									
										20
									
								
								vendor/github.com/opencontainers/runc/libcontainer/process_linux.go
									
									
									
										generated
									
									
										vendored
									
									
								
							
							
						
						
									
										20
									
								
								vendor/github.com/opencontainers/runc/libcontainer/process_linux.go
									
									
									
										generated
									
									
										vendored
									
									
								
							| @@ -341,11 +341,13 @@ func (p *initProcess) start() error { | ||||
| 				} | ||||
|  | ||||
| 				if p.config.Config.Hooks != nil { | ||||
| 					bundle, annotations := utils.Annotations(p.container.config.Labels) | ||||
| 					s := configs.HookState{ | ||||
| 						Version: p.container.config.Version, | ||||
| 						ID:      p.container.id, | ||||
| 						Pid:     p.pid(), | ||||
| 						Bundle:  utils.SearchLabels(p.config.Config.Labels, "bundle"), | ||||
| 						Version:     p.container.config.Version, | ||||
| 						ID:          p.container.id, | ||||
| 						Pid:         p.pid(), | ||||
| 						Bundle:      bundle, | ||||
| 						Annotations: annotations, | ||||
| 					} | ||||
| 					for i, hook := range p.config.Config.Hooks.Prestart { | ||||
| 						if err := hook.Run(s); err != nil { | ||||
| @@ -370,11 +372,13 @@ func (p *initProcess) start() error { | ||||
| 				} | ||||
| 			} | ||||
| 			if p.config.Config.Hooks != nil { | ||||
| 				bundle, annotations := utils.Annotations(p.container.config.Labels) | ||||
| 				s := configs.HookState{ | ||||
| 					Version: p.container.config.Version, | ||||
| 					ID:      p.container.id, | ||||
| 					Pid:     p.pid(), | ||||
| 					Bundle:  utils.SearchLabels(p.config.Config.Labels, "bundle"), | ||||
| 					Version:     p.container.config.Version, | ||||
| 					ID:          p.container.id, | ||||
| 					Pid:         p.pid(), | ||||
| 					Bundle:      bundle, | ||||
| 					Annotations: annotations, | ||||
| 				} | ||||
| 				for i, hook := range p.config.Config.Hooks.Prestart { | ||||
| 					if err := hook.Run(s); err != nil { | ||||
|   | ||||
							
								
								
									
										8
									
								
								vendor/github.com/opencontainers/runc/libcontainer/rootfs_linux.go
									
									
									
										generated
									
									
										vendored
									
									
								
							
							
						
						
									
										8
									
								
								vendor/github.com/opencontainers/runc/libcontainer/rootfs_linux.go
									
									
									
										generated
									
									
										vendored
									
									
								
							| @@ -100,8 +100,10 @@ func prepareRootfs(pipe io.ReadWriter, iConfig *initConfig) (err error) { | ||||
|  | ||||
| 	if config.NoPivotRoot { | ||||
| 		err = msMoveRoot(config.Rootfs) | ||||
| 	} else { | ||||
| 	} else if config.Namespaces.Contains(configs.NEWNS) { | ||||
| 		err = pivotRoot(config.Rootfs) | ||||
| 	} else { | ||||
| 		err = chroot(config.Rootfs) | ||||
| 	} | ||||
| 	if err != nil { | ||||
| 		return newSystemErrorWithCause(err, "jailing process inside rootfs") | ||||
| @@ -702,6 +704,10 @@ func msMoveRoot(rootfs string) error { | ||||
| 	if err := unix.Mount(rootfs, "/", "", unix.MS_MOVE, ""); err != nil { | ||||
| 		return err | ||||
| 	} | ||||
| 	return chroot(rootfs) | ||||
| } | ||||
|  | ||||
| func chroot(rootfs string) error { | ||||
| 	if err := unix.Chroot("."); err != nil { | ||||
| 		return err | ||||
| 	} | ||||
|   | ||||
							
								
								
									
										9
									
								
								vendor/github.com/opencontainers/runc/libcontainer/standard_init_linux.go
									
									
									
										generated
									
									
										vendored
									
									
								
							
							
						
						
									
										9
									
								
								vendor/github.com/opencontainers/runc/libcontainer/standard_init_linux.go
									
									
									
										generated
									
									
										vendored
									
									
								
							| @@ -65,14 +65,9 @@ func (l *linuxStandardInit) Init() error { | ||||
| 	} | ||||
|  | ||||
| 	label.Init() | ||||
|  | ||||
| 	// prepareRootfs() can be executed only for a new mount namespace. | ||||
| 	if l.config.Config.Namespaces.Contains(configs.NEWNS) { | ||||
| 		if err := prepareRootfs(l.pipe, l.config); err != nil { | ||||
| 			return err | ||||
| 		} | ||||
| 	if err := prepareRootfs(l.pipe, l.config); err != nil { | ||||
| 		return err | ||||
| 	} | ||||
|  | ||||
| 	// Set up the console. This has to be done *before* we finalize the rootfs, | ||||
| 	// but *after* we've given the user the chance to set up all of the mounts | ||||
| 	// they wanted. | ||||
|   | ||||
							
								
								
									
										8
									
								
								vendor/github.com/opencontainers/runc/libcontainer/state_linux.go
									
									
									
										generated
									
									
										vendored
									
									
								
							
							
						
						
									
										8
									
								
								vendor/github.com/opencontainers/runc/libcontainer/state_linux.go
									
									
									
										generated
									
									
										vendored
									
									
								
							| @@ -63,10 +63,12 @@ func destroy(c *linuxContainer) error { | ||||
|  | ||||
| func runPoststopHooks(c *linuxContainer) error { | ||||
| 	if c.config.Hooks != nil { | ||||
| 		bundle, annotations := utils.Annotations(c.config.Labels) | ||||
| 		s := configs.HookState{ | ||||
| 			Version: c.config.Version, | ||||
| 			ID:      c.id, | ||||
| 			Bundle:  utils.SearchLabels(c.config.Labels, "bundle"), | ||||
| 			Version:     c.config.Version, | ||||
| 			ID:          c.id, | ||||
| 			Bundle:      bundle, | ||||
| 			Annotations: annotations, | ||||
| 		} | ||||
| 		for _, hook := range c.config.Hooks.Poststop { | ||||
| 			if err := hook.Run(s); err != nil { | ||||
|   | ||||
		Reference in New Issue
	
	Block a user
	 ravisantoshgudimetla
					ravisantoshgudimetla